Dynamic adaptive inter-layer control of wireless data communication networks

ABSTRACT

System, apparatus, and methods are disclosed wherewith a group of independent wireless routing devices known as Service Points work cooperatively to form an ad hoc mesh, communication network. The resulting Service Point Network is used to provide reliable address-directed communication services between devices attached by conventional means (wired or wireless) to respective Service Ports on any of the Service Points. Attached Utilizing Devices are not considered a part of the Service Point Network and need not contain any custom software or hardware related to the operations of the Service Point Network. Consequently, the networking technology used to form the Service Point Network is independent of the technology used for connecting devices to Service Points. Services for Utilizing Devices include both point-to-point as well as point-to-multi-point communication. To protect the security of network communications and the integrity of the network, the Service Points are assigned internal IP addresses and unique identifiers that need not be disclosed to the Utilizing Devices. The unique identifiers in turn are used to derive public and private encryption key pairs for each Service Point.

RELATED APPLICATIONS

[0001] This is a Continuation-In-Part Application of prior pending U.S.application Ser. No. 10/426,125, filed Apr. 28, 2003, the disclosure ofwhich is incorporated herein by reference.

FIELD OF INVENTION

[0002] This invention relates to wireless telecommunication networks,including particularly ad hoc mesh wireless networks.

BACKGROUND ART

[0003] Wireless Local Area Network (WLAN) technologies are rapidlymaking their way into all types of networks (e.g., home, SOHO,education, enterprise). Nearly all networking companies have beenrapidly adding WLAN components to their product portfolio. Governingthis technology expansion are the IEEE 802.11 standards, currently theindustry's choice for WLAN architecture compliance. While the standarddefines alternative modes of operation, today it is the InfrastructureMode that is most commonly deployed. In this mode a wireless AccessPoint (“AP”) is attached to the LAN via an Ethernet cable and wirelessUtilizing Devices associate with the AP to gain wireless access to theLAN. The wireless clients must be within radio range of an Access Pointand be capable of passing any authentication screening the AP maydeploy. Sufficient AP's must be deployed to insure radio coverage of thedesired area and capacity for the desired number of clients, as each APcan only support a limited number of associated clients. FIG. 1 (priorart) thus illustrates how access to LAN server 100 and its services isextended one wireless radio hop to Utilizing Devices 120 by thedeployment of APs 110.

[0004] Deploying a WLAN in this manner can require extensive siteevaluation, security planning, and—as illustrated in FIG. 1—lots ofwire. Thus, each of AP's 110(a)-(c) are connected via correspondingwires 105(a)-(c) to LAN 100. Moreover, some devices—such as computerserver 130, printer 140, and projector 150 in the example of FIG. 1—maynot be configured for association with APIs 110, resulting in yetadditional wired 105 connections back to the LAN. The mobility affordedby the prior art environment of FIG. 1 is thus focused on accommodatinglimited motion by clients 120; however the Access Points 110 themselves,as well as servers and services e.g. 130, 140, and 150 are stillstationary-wired LAN systems. This prior art design methodology has beeninstrumental in launching the WLAN revolution worldwide. There is,however, need for a new approach that will enable networking componentsto gain their freedom via wireless technologies, while continuing toadhere to established industry standards (particularly those governed byIEEE 802.11), and while preserving or even improving the ease andsecurity with which mobile and other devices can access LAN resources.

SUMMARY OF THE INVENTION

[0005] Briefly, the present invention provides method apparatus foraccessing resources via a wireless communication network. The network isknown as a Service Point Network (“SPN”) and is a wireless networkcomprising multiple Service Points, each potentially connected to aUtilizing Device. Utilizing Devices are not part of the SPN, but connectto one or more Service Points and thereby access or provide resourcesvia the SPN. In a further aspect of the invention, a first of theUtilizing Devices accesses a second via packets sent through the SPNbetween the Service Points connected to the two Utilizing Devices. TheService Points preferably communicate with each other using an ad hocmesh network protocol that supports routing via unicast, multi-castand/or broadcast. The SPN is ad hoc with respect to the number,location, environment surrounding the Service Points and connection ofUtilizing Devices to the Service Points which are embodied in physicallymobile nodes. The protocol employs an on-demand or proactive routingalgorithm. Utilizing Devices are connected to the corresponding ServicePoints via wired or wireless connection.

[0006] Methods of the invention preferably include providing a firstUtilizing Device access to a second Utilizing Device, without revealingto the Utilizing Devices the addresses of the connected Service Points.Instead, the Utilizing Device originating the message specifies theaddress of the intended destination Utilizing Device, and the SPNautomatically maps the address to an identifier for the correspondingService Point connected to the destination Utilizing Device. Aspects ofthe invention further include mapping the identifier to a networkaddress of the Service Point, and dynamically remapping it to reflectany change of network address in the course of communicationtransmission.

[0007] In a further aspect of the present invention, the wireless SPNincludes providing at least one private sub-net comprising a selectedsubset of the Service Points, each configured to only forwardcommunications traffic that is either to or from other Service Pointswithin the private sub-net. The method further includes automaticreorganization of the Service Point Network into sub-nets based on oneor more of the following factors: routing, routing management, securitymanagement, frequency, authentication, density, identification, age andtechnologies.

[0008] In various embodiments, Utilizing Devices connected to ServicePoints provide a set of resources consisting of applications, printing,network gateway, DHCP, SMTP, vending/e-commerce, audio, imaging,lighting, utility, appliances, travel, communications, telematics and/oremergency safety. In further embodiments, a first Utilizing Device mayaccess a second Utilizing Device selected, in part, based upon atopological relationship between the Service Points connected to theUtilizing Devices, and/or the physical location of the Service Pointconnected to the second Utilizing Device.

[0009] In another feature, the Service Points each include a NetworkingPort to wirelessly route multi-hop traffic to other Service Points, anda Service Port configured to communicate with one or more UtilizingDevices. A Utilizing Device in communication with a first Service Portcan access another Utilizing Device communicating with different ServicePorts via the SPN, without configuring the Utilizing Devices tocommunicate with the Networking Ports of the Service Points. UtilizingDevices preferably address all Service Points of the network using asingle common IP address.

[0010] The invention further provides a method for providing access toresources via a secure wireless communication network by providing aself-configuring Service Point Network (SPN) of multiple Service Points.Upon joining the SPN, each Service Point is dynamically assigned anSPN-unique identifier. Utilizing Devices are each connected to one ormore Service Points, providing first and second Utilizing Devices accessto each other via secure communication through the SPN between thecorresponding Service Points connected to the Utilizing Devices, usingan asymmetric public-private encryption key pair that is at leastpartially based on the Service Point unique identifiers. In this aspect,providing first and second Utilizing Devices access to each otherthrough the SPN further includes encrypting communications at theService Point connected to the first Utilizing Device and furtherencrypting the key needed to decrypt the communications using a publicencryption key of the Service Point connected to the second UtilizingDevice. Thus, secure communication proceeds through the SPN between anEntry Service Point connected to the first Utilizing Device and aTerminal Service Point connected to the second Utilizing Device, and isencrypted by the Entry Service Point in such a manner that it can onlybe decrypted by the Terminal Service Point.

[0011] In a further feature of the present invention, the encryption keyis employed to send a recipient Service Point one or more managementdirectives in a secure and authenticated manner. The managementdirective incorporates a “liveness” value public key challenge forpurposes of authentication. Management directives used in SPN formationinclude one or more of the following: hello, welcome, join, accept,leave, or goodbye. In another aspect, the recipient Service Point isassociated with multiple encryption key pairs (e.g., Manufacturer,Owner, Operator), and the different encryption keys are utilizedcorresponding to different classes of management directives.

BRIEF DESCRIPTION OF THE DRAWINGS

[0012] Except where expressly noted otherwise, the following Drawingsand the accompanying Detailed Description are exemplary in nature andprovide illustrative embodiments of the present invention and aspectsthereof.

[0013]FIG. 1 illustrates a prior art wireless local area network (WLAN).

[0014]FIG. 2a illustrates a Service Point (SP) device, including ServicePort and Networking Port.

[0015]FIG. 2b illustrates an SP with multiple Service Ports andNetworking Ports.

[0016]FIG. 3 depicts a plurality of SP's forming a Service Point Network(SPN) via Networking Ports, and connected to a plurality of UtilizingDevices via Service Ports.

[0017]FIG. 4 illustrates a WLAN augmented by an SPN.

[0018]FIG. 5 diagrams network address and port identification for SP's.

[0019]FIG. 6a diagrams a secure communication process via an SPN.

[0020]FIG. 6b is a flow diagram for a secure communication process viaan SPN.

[0021]FIG. 7 illustrates an SPN comprising public and private sub-nets.

[0022]FIG. 8 is a flow diagram outlining a secure process for sendingauthenticated management directives to SP's.

[0023]FIG. 9 diagrams the internal architecture for an SP.

[0024]FIG. 10 shows an architectural overview for the integration of anSP device with a Utilizing Device.

[0025]FIG. 11 illustrates a mobile SPN embodiment.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENT

[0026] A. The Service Point Network—Overview

[0027] We introduce herein the concepts of the Service Point and theService Point Network. Service Points (“SP”) cooperate with one anotherlike building blocks to form a network using a shared wirelesscommunication protocol. The resulting wireless network is referred toherein as a “Service Point Network” or “SPN,” and we refer herein to anSP's communication interface with other members of an SPN as the SP's“Networking Port.” Each Service Point also provides a (logically)separate interface (a “Service Port”) for connection with one or moredevices (“Utilizing Devices”) utilizing the communication services ofthe SPN, whether as sender or recipient of information, resources,and/or requests thereof. Utilizing Devices are not part of the SPN, andneed not necessarily support or recognize the shared wireless networkingprotocol(s) of the Networking Ports used for communication among SP'swithin the SPN; provided that each Utilizing Device does supportprotocol(s) sufficient for communication with the corresponding ServicePort to which it is connected.

[0028]FIG. 2a illustrates basic logical features of Service Point 200 inone embodiment, including Networking Port 210 and Service Port 220. SP200 interfaces with Utilizing Device 230 by means of Service Port 220.Using Networking Port 210, SP 200 can communicate with other SP's toform an SPN, as discussed below in more detail. Thus, FIG. 3 shows aplurality of SP's 300(x) forming SPN 350 via their wireless NetworkingPorts 310(x), and connected to a plurality of Utilizing Devices 330(x)via their Service Ports 320(x). Connected Utilizing Devices 330(x) arenot considered a part of Service Point Network 350, and need not containany custom software or hardware related to the operations of the SPNNetworking Ports. Consequently, the wireless networking technology usedby Networking Ports 310(x) to form Service Point Network 350 (e.g.,802.11 DSSS, 3G CDMA, or Ultra-Wideband) can be independent of thetechnology used for connecting Utilizing Devices to Service Points (e.g.USB, IR, Serial, Ethernet, Parallel). In addition, Service Port 220 mayor may not be physically (hardware) distinct from Networking Port210—provided they perform logically distinct roles, as described. Asdepicted in FIG. 2b, SP 200 can optionally include multiple NetworkingPorts, e.g., 210(a) and 210(b), and/or multiple Service Ports, e.g.,220(a) and 220(b).

[0029]FIG. 4 illustrates a WLAN augmented by SPN 470 in accordance witha preferred embodiment of the present invention. In contrast with priorart WLAN shown in FIG. 1, access to WLAN resources can be provided forwireless mobile clients 420(x)(i) without requiring wired connectionsrunning from each of AP's 410(x) to LAN server 400. Instead, each ofAP's 410(x) is connected locally to a corresponding SP 415(x) of SPN470. Collectively, Access Points 410(x) connected to Service Points415(x) form an extensive WLAN network accessible to mobile clients,utilizing SPN 470 as the backhaul. Thus, Service Points differ from (andare complementary to) Access Points, in that an SPN offers a connectionto communications and services (including, for example, wireless clientaccess via Access Points) anywhere that is desired, without having torun wires for the communications infrastructure. Using Service Points,network designers can freely locate network services so as to providetrue location-dependent services and even systems where the entirenetwork can be mobilized (the latter is discussed below in connectionwith FIG. 11), without the need for wired connections between thelocations where services are accessed and the location where services orresources are originated.

[0030] An SPN is preferably, but not necessarily, self-configured by theSP's as an ad hoc mesh network. “Ad hoc” is used here in the broadspirit of: (1) formed or used for specific or immediate problems orneeds, and/or (2) fashioned from whatever is immediately available. Thead-hoc character of an SPN is preferably with respect to at least one ormore of the following: network membership, time, location, andenvironment (the latter including, for example, line-of-sight, lowhumidity, elevation, metallic vs. non-metallic partitions, indoors,outdoors). In other words, preferably the SP's collaborateopportunistically with any available SP's in radio contact (and meetingthreshold criteria, such as the authentication and privacy criteriadiscussed below) to form an SPN, with the premise that each of themember SP's may independently leave over time and that new member SP'smay independently join over time. In addition, the SPN's topology ispreferably a “mesh”, meaning that there are multiple alternative pathsthrough the network between at least some pairs of member SP's. Meshtopology is considered preferable due to the relatively high number ofconnected systems made possible by omni-directional radio transmissions:LAN segments are segregated by wiring and network design, whereas WLANsegments tend to have more indeterminate integration with other WLANdevices due to the broadcast characteristic of their medium. In apreferred embodiment, SP Networking Ports are implemented using IEEE802.11 compliant wireless broadband radios operating in “Ad-Hoc Mode” tobuild a self-configuring SPN. The SPN is preferably an IP networksupporting multi-hop point-to-point and multi-cast routing, as will bediscussed at greater length below.

[0031] In the following sections the preferred activities andcapabilities of the SPN are described in further detail. Theseactivities are generally carried out by independent and/or cooperativeactions of Service Points. Optionally, additional management elementsmay be employed for observing these activities or for modifying ServicePoint attributes, as discussed below in Section F (“Service PointManagement”).

[0032] B. Service Point Initialization

[0033] Service Point initialization involves all the processes necessaryto put a Service Point into a specified state (e.g., Active, Standby,Shutdown, Maintenance). The initialization is designed to be automatedand to provide plug & go usage. The following Table 1 illustrates theprocesses a Service Point sequences through to initialize itself intothe Active State. TABLE 1 Initialization Sequences Process ActivitySelf-test Power on sequencing of self checks and interface capabilities(e.g., LAN connection, radio channels, radio modulation schemes, memory,software services) Scanning 10 Sec Silent Scan per Ch for Activity SPNSelect Ch, SPN, and ID for formation, Activate Hello Formation messagingand attempt mesh formation based upon selections Activating Successfullyformed, now actively participating in a SPN

[0034] The progression of a Service Point through these processes ismeant to be independent of, and cooperative with, the chosen routingprotocol (e.g., TBRPF) and the specific communications technologies(e.g., 802.11 MAC). The initialization activities may also includesecurity initialization processes, such as those of well establishednetwork security standards (e.g., 802.11x Security).

[0035] At the moment two or more Service Points have formed a nascentSPN, any devices attached to these Service Points potentially expect tobe able to begin IP communications immediately. Therefore, somenetworking fundamentals (e.g., DHCP, SNMP, SMTP, DNS) and theirassociated Servers are preferably supported by the SPN even at thatearly stage in order to support the flow of IP traffic, such as byconfiguring each Service Point to provide limited forms of theseservices as required in a distributed fashion.

[0036] In a preferred embodiment, public key cryptographic mechanismsare employed to help safeguard the security and integrity of the ServicePoints. The keys allow secure encryption of all traffic within the SPN,as will be described in the next section. Each Service Point preferablycarries a unique, manufacturer-installed digital identifier that can beused to uniquely authenticate each Service Point and its residentsoftware. During formation, an SP is challenged and not accepted intothe SPN if it lacks the requisite digital identifier. Thisauthentication capability can similarly be employed in the course ofvarious Service Point activities; for example, authentication can betested and required in connection with management functions such asin-field product software upgrades. In addition, during the SPNformation process, unique names and addresses are preferably assigned toeach SP 550 in the network, as shown in FIG. 5. Thus, each Service Port545 within a Service Point 550 is given a globally unique portidentifier 525 which is the result of a function of (hardwareidentifier(s), time-of-day, network identifiers, and port number).Although this function is applied during initial startup of ServicePoints it may be rerun as needed during the operational stage of theService Point. Port ID 525, in turn, is used to generate apublic/private encryption key pair, for encrypted communication asdescribed in the next section. Networking Port 540 (e.g., 802.11 radio)for each SP 550 is also given an internal IP address 510, unique to SPN500 and utilized for addressing and routing of traffic within the SPN,as will also be described in the next section.

[0037] C. IP Transport—From Originator to Destination, Through the SPN

[0038] The process by which Utilizing Devices can communicate and accesseach other via a Service Point Network, in accordance with a preferredembodiment of the present invention, will now be described withreference to FIG. 6a and the flow diagram of FIG. 6b. For convenience weoccasionally call the Utilizing Device originating a communication the“Originator”, while we call the Utilizing Device that is the intendedrecipient of a communication the “Destination”; and we occasionally callthe Service Point connected to the Originator the “Entry” Service Point,while we call the Service Point connected to the Destination the“Terminal” Service Point.

[0039] At 650, Originator Utilizing Device 600 preferably complies withstandard IP network addressing requirements and addresses acommunication packet 610 to be sent with the destination IP address ofthe Destination Utilizing Device, the ultimate intended recipient ofthat packet. At 651, IP packet 610 is delivered from Utilizing Device600 to its connected Service Point 605, the Entry SP. Entry SP 605performs a series of transformations 615 as follows. At 652, thedestination address of packet 610 (which is the IP address of theDestination) is used by the Entry SP to retrieve the Port ID of theTerminal SP, i.e. the SP connected to the Destination Utilizing Device.In order to support this indexed retrieval, mappings are preferablymaintained, in internal tables, between each Port ID and the IP addressof any Utilizing Devices connected to the SP assigned that Port ID. TheTerminal SP's Port ID is in turn used by the Entry SP, at 653, toretrieve from tables the associated public cryptographic key for thatport and the internal IP address of the Terminal SP. Practitioners willreadily recognize many equivalent ways to structure and implement suchtables, effectively representing the logical relationships described.Those tables are preferably stored locally or otherwise available toeach SP. Thus, by examining the Destination IP address provided by theOriginator for a particular message packet, and then performingstraightforward table lookup, the Entry Service Point can determine thePort ID, internal IP address, and public key of the Terminal SP port towhom the packet should be delivered. In some cases—e.g., for broadcastpackets—the steps of the method may be carried out for more than oneDestination Utilizing Device and correspondingly for more than oneTerminal SP Port ID, encryption key, and/or internal IP address.

[0040] At 654, the Entry SP 605 encrypts the original message packet 610using the Terminal SP's public key, and a new IP header is attached tothis encrypted data 620. This new IP header preferably contains theEntry SP's internal IP address, Entry SP Port ID, Terminal SP's internalIP address, and Terminal SP's Port ID. As practitioners will appreciate,this process is akin to IPSEC tunneling, but is preferably stateless.

[0041] The packet 620 is routed at 655-656, in a multi-hop mannerthrough the Ad-hoc Mesh Network 625 toward the Terminal SP 630(preferably in accordance with the routing algorithm and protocoldescribed below in Section E). When packet 620 eventually arrives atTerminal SP 630, at 659-660 the Terminal SP will perform severaltransformations 635 to restore the original packet. In one of thesetransformations 636 the packet 620 is decrypted by Terminal SP 630 usingits private key, and the fully transformed packet 640 (identical tooriginal Packet 610) is delivered to Destination Utilizing Device 645via the Service Port of the Terminal SP. However, while in multi-hoptransit across the SPN from Entry SP 605 to Terminal SP 630, the packet620 may encounter reassignment of the Terminal SP's internal IP address,or newly formed IP subnets within the Ad-hoc mesh network (subnets arediscussed below in Section D). This occurs because SPNs formdynamically, and by nature are subject to changes in connectivity andmembership. For this reason an SPN will typically need to reissueupdated internal IP addresses to Service Points from time to time. In apreferred embodiment, Port ID numbers and the associated PKI encryptionkeys for each SP remain constant, whereas the internal IP addresses foreach SP may change to reflect changes in network formation.Nevertheless, mapping of the current internal IP address to each Port IDnumber is maintained dynamically in tables distributed in each SP, asindicated above at 652-653. Therefore, each Service Point is capable ofusing the Terminal Port ID at 657-658 to make any transformationsnecessary to find the new IP address of the Terminal SP and to continuethe packet along its way, for example by using a mechanism such asInternet Port Address Translation (PAT). In this way, changes to theinternal IP address of a SP from time to time have no effect on thedirectory of devices and networks attached to the SP's (indexed byconstant Port ID's, as noted above) or their connections to each other.

[0042] At 659, as previously noted, the packet is decrypted at theTerminal Service Point, and in fact can only be decrypted by theTerminal SP because that is the only device in possession of thecorresponding private key, in the preferred embodiment. Thus, user datamoving in the body of IP messages within the SPN is preferably encryptededge-to-edge—i.e., from the Service Port of the Entry SP that isconnected to the Originator Utilizing Device, to the Service Port of theTerminal SP connected to the Destination Utilizing Device. Consequently,SPNs themselves do not increase the exposure of user data per se.However, practitioners should bear in mind that beyond the SPN—forexample, the wireless transmission of data between a mobile client andan Access Point connected to a SP as a Utilizing Device—this informationenjoys no special protection by the SPN, and user information that mustbe protected should be protected using standard virtual privatenetworking utilities of the appropriate strength.

[0043] In some cases and embodiments, determination of the Terminal SPby the Entry SP may advantageously be driven in part bylocation-sensitive considerations. For example, the needs of a UtilizingDevice (such as a client computer user) seeking access to the printerlocated nearest to that Utilizing Device might be best served by routingthe communication to the Terminal SP that is connected to the “nearest”printer as determined by the SPN topology map maintained throughout thenetwork in each SP. This approach uses network topology as a proxymeasure for physical proximity. Alternatively, if current physicallocations of each SP in the SPN are known and maintained in a table orother storage available to the SP's, then in the previous example theEntry SP can inspect the location table and identify which one of theSP's that is connected to a printer is located physically closest to theEntry SP itself.

[0044] In the preferred embodiment, there is no need for the Originatoror the other Utilizing Devices to know or specify internal IP address510 or Port ID 520 for the Terminal SP or any of the other SP's.Instead, the SPN is preferably an IP network operating within its owndomain. Devices connecting to a Service Point see the SPN as a virtualswitch with a single IP address for management. Within the SPN ServicePoints are assigned internal (hidden) IP addresses. These SPN IPaddresses are not accessible from outside the SPN. Managementapplications (as discussed below in Section F) can obtain an identifierfor each Service Point by contacting SPN management handler (SNMP) 942within any Service Point (see FIG. 9, discussed below), and the handlerwill translate requests as necessary so they are internally routedwithin the SPN to the desired Service Point.

[0045] D. Subnets: Private SPNs

[0046] SPN formation and internal IP addressing preferably takes fulladvantage of subnets and subnet routing as is done in the Internettoday, in order to optimize routing and network managementconsiderations. For example, when a new SP acts to join a public SPN, ifmultiple public SPNs or subnets are available within radio contact, onepossible strategy is for the SP to join the smallest such SPN or subnet.(Different considerations and constraints apply with respect to PrivateSPNs, discussed below.) Moreover, as an SPN grows in size and complexityit may partition itself into subnets as necessary to optimize routingand security management. Similarly, smaller SPNs may be merged in anattempt to optimize routing and security management. Several attributesare preferably considered in these partitioning and merging functions(e.g., Frequency, Authentication, Density, Identification, Age,Technologies). Consider the use of frequency as a metric forpartitioning an active SPN. By monitoring the population of SP'scurrently in the SPN and understanding their connectivity with oneanother, a certain threshold for density can be exceeded. With thisevent a scan can be conducted to see if another frequency is availablewith a lower density figure or even unoccupied. Once identified, this“goto” frequency is advertised and SP's can make the decision to dropout of the current SPN frequency assignment and goto the advertisedfrequency. Even if more than one goto frequency is selected, it is okayfor different SP's to move to different frequencies. In a like fashion,a too-low density threshold can be detected after an aging function anda decision can be made to try to move to a more highly connected SPN.

[0047] An SPN is preferably formed according to one of two constructionprinciples, Public or Private. These constructs are from the perspectiveof the routing and forwarding functions. Service Points within a PublicSPN willingly forward any traffic to and from destinations within orbeyond the Public SPN. In contrast, Private Service Points within aPrivate SPN will only forward traffic to or from destinations within thePrivate SPN. This restricts Private SPNs from being used as transportbridges for Public SPNs. These restrictions only apply to the routing ofmessages and are not a characteristic of nodes connected to the ServicePoint. FIG. 7 illustrates the contrasting effect of these twoconstructs. Node A 715 of public SPN 710 cannot traverse either of thePrivate SPNs 720 or 730 in order to talk to Node D 745. Node A 715 cantalk to Nodes B 735 or C 725, however, as those nodes are endpointswithin their respective Private SPNs 730 and 720.

[0048] Public construction allows Service Points to be added to a PublicSPN by anyone. Hence, large communities can create an SPN ratherdynamically as each new Service Point is openly accepted into theService Point Network. In contrast, Private construction preferablyrequires authentication and authorization for each Service Point to beadded to a Private SPN. A customer-specific digital certificate isdeposited into each Service Point within a Private SPN as it is acceptedinto a Private SPN. Thereafter, the customer/owner has the ability toperform optional management functions on Service Points using SPNmanagement software as discussed in Section F below.

[0049] E. SPN Routine Algorithm

[0050] In wireless multi-hop networks generally, a routing algorithm isneeded to consider several link attributes while trying to deliver adesired Quality-of-Service. In an ad-hoc mesh SPN, the routing algorithmfaces the especially dynamic nature of link attributes resulting fromchanges in traffic load and radio connectivity. As practitioners willrecognize, choosing the routing algorithm for a given application orembodiment should be done with an eye toward preserving the stability ofthe SPN. For a preferred embodiment, the inventors have selected themobile routing algorithm known as “TBRPF” (Topology Broadcast based onReverse-Path Forwarding), developed by SRI International (seeInternational Patent Application No. PCT/US01/69863, “Mobile Ad HocExtensions For the Internet,” filed Mar. 16, 2001 by SRI International).TBRPF algorithm is a relatively mature routing algorithm, isdistinguished by its low overhead, and supports multi-hop routing inboth partial and full mesh topologies.

[0051] The routing algorithm is an important core element of anoperational SPN. Nevertheless, there are also several other criticalfunctions needed to support the SPN such as Management, Billing,Performance Tuning. In the management area alone there are such thingsas power control monitoring and adjustment, spectrum monitoring andselection, and queue monitoring and prioritization. Additionally, therouting algorithm as well as these other key operational components havebeen modularized making their replacement and switchover possible withinoperational Service Points.

[0052] TBRPF has been submitted to the IETF for consideration in theMobile Ad-hoc Network (MANET) working group as a proactive categorycandidate (see http://www.erg.sri.com/projects/tbrpf/docs/draft07.txt,Mobile Ad-Hoc Networks Working Group Internet-Draft, “TopologyDissemination Based on Reverse-Path Forwarding (TBRPF),” SRIInternational, dated Mar. 3, 2003). Mesh networks present a number oftechnical challenges (e.g., hidden and blocked terminals, channelcapture, overhead traffic, and propagation delays) and TBRPF is a matureand well-tested protocol that helps overcome such challenges in ascalable fashion.

[0053] In order for the SPN to efficiently route traffic (anything lessthan flooding) from Entry SP 605 to a Terminal SP 630, it fundamentallyneeds to know that the destination exists and how to get to it. Somerouting algorithms operate on demand by getting the answer to thesequestions when they are needed. Others are more proactive working tocache and maintain this information throughout the SPN so that it willbe available when needed. These two approaches have differing managementoverhead profiles and thus their performance can vary greatly indifferent environments. TBRPF is a proactive algorithm, and simulationand evaluation indicates that it maintains a relatively conservativemanagement overhead profile.

[0054] Within a distributed routing algorithm the question of adestination's existence and how to get to it may be generalized. Forexample, in some nodes the answer may be, “I don't know if thedestination exists, but if it does it would be in that direction.”Similarly, the complete path to a destination may not be known in agiven node but the answer may be, “I don't know the full path to thisdestination, but I am on the path and I should forward this messagealong.” It is generalizations such as these that allow the management ofdistributed algorithms to be conservative on sending out costly routinginformation. It also illustrates how an algorithm might take advantageof combining both proactive and on demand characteristics.

[0055] Just knowing that a node is on the path to the destination isstill not quite enough to launch a radio transmission. There are alsothe questions such as, “Who is next on the path?” “When should I send?”“What power should I transmit at?” Once again routing algorithms willdiffer on how they address these questions. The who's next question caneither be asked by the sender or the receiver. With unicasttransmissions the sending node decides which is the next node towardsthe destination. With multi-cast transmissions the receiving nodes mustdecide independently which of them should be the next node towards thedestination. There are pros and cons to each of these approaches. In apreferred embodiment, we use TBRPF and allow Service Points to select touse either unicast or multicast methods.

[0056] Even the seemingly simple when to transmit question is compoundedby the effects of the hardware's MAC, radio interference, messagebacklog, Quality of Service, signal strength, and mobility. Thus, itwill by now be apparent to the practitioner that the forwardingalgorithm is very complex, distributed, and dynamic. While our preferredembodiment utilizes TBRPF, as discussed, it should be emphasized thatService Point Network architecture in accordance with the presentinvention permits the use of any routing algorithm as selected by thepractitioner.

[0057] Further, in a preferred embodiment of the present invention,mature standard Internet Messaging Protocols are employed to provideSecurity and Quality-of-Service options.

[0058] F. Service Point Management

[0059] In a further feature of the present invention, an SP's encryptionkey is employed to send management directives to the SP in a secure andauthenticated manner, as shown in the flow diagram of FIG. 8. Managementdirectives are special communication messages that effect networkformation and/or SP configuration, such as: hello, welcome, join,accept, leave or goodbye. It is important to authenticate the identityof the SP's with whom such messages are exchanged, in order to protectthe integrity of the SPN from being damaged such as by spurious devicesjoining the SPN or falsely asserting that a genuine SP is leaving theSPN.

[0060] Toward that end, at 800 a management directive is composed for aselected SP. At 810-820, the sender preferably augments the directivemessage by embedding in it a fresh key (or “nonce” value), as aprotection against “replay” attack by unauthorized eavesdroppers. Forbackground regarding the utilization of embedded nonce values as anauthentication mechanism to defeat replay attacks, practitioners mayreference Intrusion-Tolerant Group Management in Enclaves, by B.Dutertre and H. Saldi and V. Stavridou, from International Conference onDependable Systems and Networks, Göteborg, Sweden (July, 2001). Theaugmented message is then encrypted by the sender at 830 using thepublic key of the recipient SP. In some embodiments, practitioners mayfind it preferable to associate each SP with multiple encryption keypairs (e.g., associated with manufacturer, owner, and owner of the SPN,respectively) corresponding to different classes of managementdirectives or other authenticated communication, and to utilize each ofthe different encryption keys depending on the specific communicationbeing sent.

[0061] At 840, an ID of the recipient SP is used to obtain the SP'sinternal IP address. Typically, the original sender of the directive isa member SP of the network, and sender SP preferably performs 840directly referencing internal tables as discussed earlier in connectionwith FIG. 6; whereas if the original sender is external to the SPN (e.g.a centralized management entity) then it may indirectly cause 840 to becarried out, such as via contacting an SNMP handler of a member SP asdescribed above at the end of Section C. In any case, at 850 thedirective message is ultimately routed via the SPN to the recipient SP,and at 860 the recipient SP decrypts the message using its appropriateprivate key. Unintended recipients of the message (such as unauthorizedeavesdropper) will not be able to decrypt the message, since they willlack the requisite private key. Having decrypted the message, at 870 thegenuine recipient SP is able to extract the embedded fresh key, andutilizes that key to generate a response (e.g., encrypted with theextracted key) that can be authenticated by the sender at 880. If therecipient has failed to properly decrypt the message and extract theembedded key, the recipient will fail to respond properly, will fail theauthentication test, and consequently its spurious request e.g. to joinor leave the SPN can properly be rejected. The embedded key's“freshness” or “liveness” insures that this protocol cannot be deceivedby simple replay attack, as illustrated in the above-referencedpublication Intrusion-Tolerant Group Management in Enclaves within thecontext of “enclave” groups and virtual private networks.

[0062] Although Service Points are designed to auto configure and selfheal in the face of changing radio connectivity, there can arise theneed to inspect a Service Point for configuration, logs, or diagnosticinformation. For this purpose a Service Point Management Handler (SNMP942, see FIG. 9 below) is preferably employed to make theseadministration tasks simple and SNMP compatible. The Service PointNetwork management protocol is distributed and does not require acentral management service. However, a central management service canoptionally be used to either view or manipulate various Service Pointoperating parameters. For example, a view-only manager can optionally beprovided to allow general viewing (but not modification) of performanceand wellbeing operating parameters within SP's. This information maypreferably be correlated across multiple SP's as well, in order toprovide a more comprehensive understanding of how the SP's view the SPNat any given time. In light of the architecture described herein,network information of this nature can be viewed without compromisingthe security or privacy of SPN traffic. A more aggressive managementapplication can also optionally be provided, allowing authenticatednetwork operators to manipulate parameters within SP's so as to causethem to alter their behavior and independent decision logic. Forexample, using network management utilities, specific Service Ports canbe locked in to receive certain classes of traffic so that all suchtraffic would be sent to a specified Service Port without regard toother considerations for choosing the destination Service Port. Anotherexample of the Manager Point Application would be to provide anaccounting application with access to billing information that it hasactivated within the SP's.

[0063] G. Further Embodiments and Applications

[0064]FIG. 9 diagrams the internal architecture for an SP 900, in apreferred embodiment. Thus, SP 900 includes hardware interface 910,which in turn includes wireless interface 912 (e.g. based on 802.11standards) for use by Networking Port 210 of the SP, and wired Ethernetinterface 914 for use by Service Port 220 of the SP. SP 900 furtherincludes standard IP networking stack 920, and standard operating systemcomputing environment 940, involving inter alia support for networkingprotocols SNMP 942, ICMP 944, DCHP 946, and routing tables 948. Inaddition, SP 900 core environment 930, supporting the functionality ofthe present invention and including: mesh routing algorithm 936 (asdescribed at length in Section E) for wireless multi-hop routing withinthe SPN, and SPN support functions such as Naming 932 and Forming 934configured to perform the ID and address assignment and mappingfunctions described herein in connection with FIGS. 5-8.

[0065] In a further feature of the present invention, PwrCntl module 938provides logic for dynamic adjustment of low-layer (e.g., physical orMedia Access Control) network control parameters such as transmissionpower and frequency, in response to higher layer (link/routing) networkconditions such as connectivity and topology. Each SP, as a member ofthe SPN, implements a lower layer (e.g., a physical communication layerand/or a Media Access Control layer, as represented by hardwareinterface 910 shown in FIG. 9), and a higher layer of communicationfunctionality (e.g., IP Networking 920, along with the relevant elementsof OS environment 940 and SPN Support 930). In a preferred embodiment,PwrCntl logic 938 determines the SP's current environmental status atthe higher layer—including, for example, the current specifics ofconnectivity/neighborhood, routing information, and topologyinformation. Based on these higher-level networking conditions, logic938 dynamically adjusts one or more communication parameters pertainingto the lower layer such as channel selection, transmission power, signalprocessing gain, selection among diverse antennas or antenna modes,coding rates, and the contention resolution table. For example, inhighly connected networks fair access to a common channel presents aproblem of resolving interference/collisions; as well, it is desirableto increase data throughput, and/or reduce traffic congestion andqueuing delays. Thus, if high connectivity (e.g., above certainthresholds as determined by the practitioner) and/or excessive levels ofnetwork performance measures (such as throughput or delay) are observedby PwrCntl logic 938 at the higher networking layer, logic 938 cantrigger a request to reduce transmission power in the physical layer. Bycontinually monitoring the resulting network topology at the networklayer, further power adjustments can be made until there is lessinterference and more opportunity for multiple simultaneous transmittingunits. In similar fashion, PwrCntl logic 983 might intervene to switchthe transmitting frequency of the SP, or to adjust the MAC-layercontention resolution table, in order to mitigate the problems ofcollisions and interference indicated by the higher-layer networkingenvironment conditions. In this way, physical layer communicationparameters for one or more members of a Service Point Network may bedynamically and intelligently adjusted based on current environmentalconditions at the higher networking layer (e.g., topology and routingconsiderations).

[0066] SP's forming an SPN can preferably provide access to apotentially broad range of communication or networking services, suchas: distributed applications, printing, gateways, DHCP, SMTP, vending,audio, imaging, lighting, utilities, appliances, travel, communications,telematics, and location-based services. These functional services andothers may be delivered advantageously through deployment of ServicePoints within ubiquitous devices such as light fixtures, phones,monitors, parking meters, signal lights, and vending machines.

[0067] Also note that while aspects of the preferred embodiment weredescribed with respect to a wireless LAN for illustrative purposes (asin FIG. 4), practitioners will readily appreciate that the teachings andbenefits of the present invention may similarly be applied to wirelessMAN and WAN environments and markets.

[0068] As illustrated in FIG. 10, for some embodiments and applicationsit may be advantageous to physically integrate Utilizing Device 1030with Service Point 1040 as a single product 1010, such that they sharecertain common components (e.g., power supply). Even then, Service Point1040 remains functionally and logically separated from Utilizing Device1030. For example, an attractive product might be a combined WirelessAccess Point and a Service Point (SP/AP). Here are three levels ofintegration that could be considered for combining these products:

[0069] Separate boxes for SP and AP, with an Ethernet connection betweenthem

[0070] Separate PC boards for SP and AP, in a common box with a PCIadaptor connection between them

[0071] Separate application processes for SP and AP, with a socketinterface connection between them.

[0072] Practitioners, of course, may select appropriate levels ofintegration depending upon the requirements and considerations ofparticular applications and circumstances.

[0073] Mobile Service Points, illustrated in FIG. 11, change the waywireless networking can be designed, enabling the mobility of entirenetworks as opposed to the mobility of solely client-utilizing nodes. Asshown in FIG. 11, mobile SPN 1100 includes and opportunisticallyleverages a combination of independently deployed SP's including: mobileSP nodes 1120(a)-(n) deployed in moving automobiles; mobile SP nodes1110(a)-(c) deployed in a moving train; mobile SP node 1130 deployed ina currently parked car; and fixed SP nodes 1150, 1160 and 1170(a)-(c)that have been deployed in the area e.g., by a local merchant (gasstation, motel, and utilities). (Note also node 1140 deployed in aparked vehicle and not participating in SPN 1100, because for example itis not powered on). Mobile SPN 1100 is opportunistically formed by thead hoc, self-configured networking of these nodes. As the vehicleshosting the various mobile nodes move away in various directions, SPN1100 will be reformed in an ad hoc manner, and may be replaced bymultiple distinct mobile VPNs depending on where groups of active SP'scongregate and organize themselves at any given time. In light of theteachings herein, practitioners will recognize and can develop a widerange of services designed to exploit Service Point mobility.

[0074] Other embodiments are within the scope of the following claims.

What is claimed is:
 1. A method of adaptively modifying communicationparameters for a member of a wireless packet-switched data communicationnetwork, each member of the network implementing at least a low layerand a higher layer of communication functionality, the methodcomprising: determining current environmental networking information,for a member of the network, pertaining to the higher layer; anddynamically adjusting, for said member of the network, one or morecommunication parameters pertaining to the low layer, based on thecurrent higher layer information.
 2. The method of claim 1, wherein thewireless network is an ad hoc network.
 3. The method of claim 1, whereinthe wireless network has a mesh network topology.
 4. The method of claim1, wherein the wireless network is a Service Point Network.
 5. Themethod of claim 1, wherein the environmental networking informationincludes one or more of: {connectivity, neighborhood membership, routinginformation, network topology information}.
 6. The method of claim 1,wherein the low layer parameters are adjusted in a manner designed toimprove communications within the network.
 7. The method of claim 6,wherein the low layer parameters are adjusted in a manner designed toimprove communications within the network with respect to one or more ofthe following: {reduce interference, reduce adverse collision effects,reduce channel contention, increase data throughput, reduce queuingdelays}.
 8. The method of claim 6, wherein the low layer parameters areadjusted in a manner designed to improve communications within thenetwork by reducing one or more of the following: {interference, adversecollision effects, channel contention}.
 9. The method of claim 1,wherein the low layer parameters include one or more of: {channelselection, transmission power, contention resolution algorithm, antennadiversity, signal processing gain, coding rate}.
 10. The method of claim1, wherein the low layer parameters include one or more of: {channelselection, transmission power, contention resolution algorithm}.
 11. Themethod of claim 10, wherein adjusting the low layer parameter includesadjusting a contention resolution table.
 12. The method of claim 10,wherein determining current environmental networking informationincludes observing connectivity information at the higher network layer;and wherein dynamically adjusting the low layer parameters includesadjusting transmission power in the physical layer.
 13. The method ofclaim 12, wherein dynamically adjusting the low layer parametersincludes reducing transmission power in the physical layer.
 14. Themethod of claim 12, wherein dynamically adjusting the low layerparameters further includes continually monitoring current networktopology at the network layer, and making one or more additional poweradjustments until less interference is observed.
 15. The method of claim1, wherein the low layer embodies functionality selected from the groupincluding: {physical layer, media access control (“MAC”) layer}, and thehigher layer embodies an Internet protocol.
 16. The method of claim 15,wherein the Internet protocol includes one or more of {TCP/IP, ICMP,SNMP, DHCP}.
 17. The method of claim 1, wherein the environmentalnetworking information includes a network performance measure.
 18. Themethod of claim 17, wherein the network performance measure is selectedfrom one or more of the following: {throughput, delay}.
 19. Adaptiveapparatus operable as a member of a wireless communication network, theapparatus comprising: one or more low layers embodying one or more of:{physical communication functionality, media access control (“MAC”)communication functionality}; a higher layer embodying network-levelcommunication functionality; a multi-hop routing module configured toroute packets within the ad-hoc network; and an adaptation moduleconfigured to dynamically adjust one or more communication parameterspertaining to the low layer, based on current environmental informationpertaining to the higher layer.
 20. The apparatus of claim 19, whereinthe low layer embodies a wireless communication protocol.
 21. Theapparatus of claim 19, wherein the low layer embodies an 802.11protocol.
 22. The apparatus of claim 19, wherein the low layer embodiesa wired communication protocol.
 23. The apparatus of claim 19, whereinthe low layer embodies an 802.3 protocol.
 24. The apparatus of claim 19,wherein the higher layer embodies an Internet protocol.
 25. Theapparatus of claim 19, wherein the Internet protocol includes one ormore of {TCP/IP, ICMP, SNMP, DHCP}.
 26. The apparatus of claim 19,wherein the multi-hop routing module incorporates an ad-hoc mesh routingalgorithm.
 27. The apparatus of claim 19, wherein the ad-hoc meshrouting algorithm is proactive.
 28. The apparatus of claim 19, whereinthe adaptive apparatus is a Service Point, and the wirelesscommunication network is a Service Point Network.